Secure token is ENABLED for user Charles Edge Simply pass the RecordName and you’ll get an indication if it’s on or off: To see if it can unlock FileVault we can use the -secureTokenStatus operator built into sysadminctl. But if it were, you would not have the AuthenticationAuthority attribute. Notice that the above is not the whole record you’d typically find with dscl. read /Users/krypted2Here’s a snippet of the dscl output: We could have passed those as well, using Now let’s use dscl to view the user we just created:ĭscl. Notice that in the above, the system automatically selected a home directory and UID. No clear text password or interactive option was specified (adduser, change/reset password will not allow user to use FDE) !Ĭreating home directory at /Users/krypted2 Sysadminctl -addUser krypted2 -fullName "Charles Edge" -password testinguser -hint hi In the below command, we’ll pass the -addUser option and then use -fullName to fill in the displayed name of the user, -password to send a password to the account and -hint so we can get a password hint into that attribute: You have to do so with other admin accounts per Apple kbase HT208171 (in fact, this article has been in my queue waiting for that issue to be fixed – but keep in mind I’m not prefacing these with sudo in the below commands). ![]() However, you can’t do these tasks as root or via sudo. Now you can create a user with a one-liner, and do other forms of user management, such as enabling FileVault for a given user, or managing the guest accounts. MacOS 10.13 brings changes to sysadminctl. You know those dscl scripts we used to use to create users? No longer supposed to be necessary (luckily they do still work).
0 Comments
Leave a Reply. |